A data communications component like a NIC (network interface card) or a remote direct memory access (RDMA) NIC (RNIC) may have limited resources like ports, memory, connections, licenses, processor cycles, and so on. Undesired (e.g., unauthorized) consumption of these limited resources may negatively impact data communication functionality provided by the data communications component. For example, while an RNIC may be designed to support RDMA, if resources that support RDMA are unavailable due to undesired consumption, then the RDMA feature may be unavailable. Similarly, while an (R)NIC may support off-loading protocol handling, if resources that support protocol off-loading are consumed, then the feature may not be available. Furthermore, once the resources are consumed by an undesired connection, like that established during a denial of service (DoS) attack, it may be difficult, if possible at all, to reclaim those resources.
Protocol off-loading is an RNIC feature that facilitates moving processing associated with handling networking protocol services from a first component (e.g., a server motherboard processor) to an RNIC. Rather than a computer's central processing unit (CPU) being responsible for protocol services like accounting for missing packets, connection establishment, encryption and decryption, routing, and so on, the processing can be moved to a processor on the RNIC. The RNIC may provide services for several layers of a protocol (e.g., physical, data link, network, transport), leaving the first component more resources (e.g., memory, processor cycles) to handle other concurrent tasks, thereby improving overall functionality in the component from which the protocol was off-loaded. Thus, a server may benefit from protocol off-loading and other services provided by an RNIC (e.g., RDMA) when the resources on the RNIC are managed in a manner that prevents undesired consumption of those resources. While protocol off-loading and RDMA are described, it is to be appreciated that other data communication and networking functions can be negatively impacted by undesired resource consumption.
In some network protocols that employ TCP/IP (Transmission Control Protocol/Internet Protocol), a port is a logical endpoint. A port may be used by a client to identify a particular server program with which it desires to interact or a particular server resource it wishes to access. For example, a port may be associated with a protocol off-loading service that provides a logical connection to a communicating node. To facilitate making connections between communicating nodes over a computer network via ports, some ports may have numbers and/or addresses that are pre-assigned. These types of ports may be called “well-known ports”, and the first actions taken when establishing a connection may involve these well-known ports.
One well-known port may be associated with a port mapping logic (e.g., a port mapper) that facilitates finding and/or interacting with an available service like an off-loaded protocol service. A port mapper may be implemented in software, firmware, hardware, and combinations thereof. A port mapper may map a resource, program, service, and so on to a transport-specific port number that can be made known to a requesting client via mapping data distributed in response to a request for mapping data. This facilitates a client dynamically binding to, using, and/or communicating with the mapped programs, services, resources, and so on. However, unprotected distribution of mapping data can lead to undesired consumption of limited networking resources.
A requesting client may communicate with a port mapper that is listening at a well-known port to request mapping data identifying the server port with which a resource is associated. For example, a requesting client may request information concerning the port at which an off-loaded protocol is available. The requesting client may receive the port/resource mapping data from the port mapper and then request that a connection be established to that port. However, not all connections are desirable, and some may be conceived with malicious intent. For example, a DoS attack may be based on exploiting the fact that an RNIC may only be able to off-load a certain number of connections. If the DoS attack can acquire all of those off-loaded connections, then no connections may be left for desired interactions.
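The following is an added example that is not part of the original document and does not describe any particular product's implementation. It models the situation described above: an RNIC with a fixed number of off-loadable connections, a port mapper at a well-known port that hands out resource-to-port mapping data, and the exhaustion that follows when that data is distributed without protection. The same model is then run with three defensive controls, namely mapping data released only to authenticated requesters, a per-client connection quota, and reclamation of idle off-loaded connections. The service name `rdma-offload`, the port 20049, the client tokens, the slot count of four and the quota of two are constructed values chosen for illustration.

```python
"""Model of a port mapper guarding a limited pool of RNIC off-loaded connections.

Added example, not code from the original document. All names, ports, tokens
and limits below are constructed for illustration.
"""
from dataclasses import dataclass, field
from typing import Dict, Optional


@dataclass
class Rnic:
    """A NIC that can off-load only a fixed number of connections."""
    max_offload_connections: int
    active: Dict[int, str] = field(default_factory=dict)        # conn id -> client id
    last_activity: Dict[int, float] = field(default_factory=dict)
    next_id: int = 1

    def free_slots(self) -> int:
        return self.max_offload_connections - len(self.active)

    def offload_connection(self, client: str, now: float) -> Optional[int]:
        """Allocate an off-load slot, or return None when the RNIC is exhausted."""
        if self.free_slots() <= 0:
            return None
        cid = self.next_id
        self.next_id += 1
        self.active[cid] = client
        self.last_activity[cid] = now
        return cid

    def touch(self, cid: int, now: float) -> None:
        """Record traffic on a connection so it is not treated as idle."""
        self.last_activity[cid] = now

    def reclaim_idle(self, now: float, idle_timeout: float) -> int:
        """Tear down connections idle longer than idle_timeout; return how many."""
        stale = [c for c, t in self.last_activity.items() if now - t > idle_timeout]
        for c in stale:
            del self.active[c]
            del self.last_activity[c]
        return len(stale)


class PortMapper:
    """Maps service names to transport ports and brokers off-loaded connections.

    With authorized_tokens=None and per_client_limit=None the mapper behaves
    like an unprotected one: anyone can learn the mapping and take every slot.
    """

    def __init__(self, rnic: Rnic, services: Dict[str, int],
                 authorized_tokens=None, per_client_limit: Optional[int] = None):
        self.rnic = rnic
        self.services = dict(services)
        self.authorized = set(authorized_tokens or ())
        self.per_client_limit = per_client_limit
        self.refused = []                     # audit trail: (op, who, what, reason)

    def _authorized(self, token: Optional[str]) -> bool:
        return not self.authorized or token in self.authorized

    def lookup(self, service: str, token: Optional[str] = None) -> Optional[int]:
        """Return the port for a service, or None when mapping data is withheld."""
        if not self._authorized(token):
            self.refused.append(("lookup", token, service, "unauthorized"))
            return None
        return self.services.get(service)

    def connect(self, client: str, port: int, token: Optional[str] = None,
                now: float = 0.0) -> Optional[int]:
        """Request an off-loaded connection to port; None when refused."""
        if not self._authorized(token):
            self.refused.append(("connect", client, port, "unauthorized"))
            return None
        if port not in self.services.values():
            self.refused.append(("connect", client, port, "unknown port"))
            return None
        held = sum(1 for c in self.rnic.active.values() if c == client)
        if self.per_client_limit is not None and held >= self.per_client_limit:
            self.refused.append(("connect", client, port, "quota"))
            return None
        cid = self.rnic.offload_connection(client, now)
        if cid is None:
            self.refused.append(("connect", client, port, "rnic exhausted"))
        return cid


def exhaustion_scenario(protected: bool) -> dict:
    """Constructed scenario: an uncredentialed flooder, an over-eager authorized
    client, and finally a well-behaved client that needs one connection."""
    rnic = Rnic(max_offload_connections=4)
    pm = PortMapper(rnic, {"rdma-offload": 20049},
                    authorized_tokens={"tok-good", "tok-greedy"} if protected else None,
                    per_client_limit=2 if protected else None)
    port = pm.lookup("rdma-offload", token=None)      # flooder has no credential
    target = port if port is not None else 20049       # assume it guessed the port anyway
    flooder = sum(1 for _ in range(10)
                  if pm.connect("flooder", target, token=None, now=0.0) is not None)
    greedy = sum(1 for _ in range(5)
                 if pm.connect("greedy", 20049, token="tok-greedy", now=1.0) is not None)
    good_port = pm.lookup("rdma-offload", token="tok-good")
    good_conn = pm.connect("good", good_port, token="tok-good", now=2.0) if good_port else None
    return {"flooder_connections": flooder, "greedy_connections": greedy,
            "good_connected": good_conn is not None, "good_conn": good_conn,
            "free_slots": rnic.free_slots(), "refusals": len(pm.refused), "rnic": rnic}


if __name__ == "__main__":
    for mode in (False, True):
        r = exhaustion_scenario(mode)
        print("protected" if mode else "unprotected",
              {k: v for k, v in r.items() if k not in ("rnic", "good_conn")})
```

In the unprotected run the flooder learns the mapping, takes all four slots and the well-behaved client is refused; in the protected run the flooder is refused mapping data and every connection attempt, the authorized but over-eager client is held to its quota, and a slot remains for the last client. The `refused` list is the detection hook: a burst of `unauthorized` or `rnic exhausted` entries from one source is the signal an operator would alert on, and `reclaim_idle` is the mechanism for recovering slots that the text notes are otherwise hard to reclaim.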